After a week where even a simple joke overheard at a conference can get you fired, I’m keenly aware of how careful people need to be about what they say in the workplace. Coincidentally, while I watch a stream of emails from LinkedIn advising me that people are endorsing me for various skills, I couldn’t help wonder what it would be like if people could say how they really feel.
It might look something like this:
Update 2012-12-06: As has been mentioned in the comments, there’s now support from Google for attaching 2-step verification to a new device and removing it from the current device. That process should be used going forward, however the info here is still interesting from a historical perspective.
Adding 2-step verification (not sure why they just can’t call it what it is: 2 factor authentication) to Google accounts is one of the smartest things the company has ever done. Anything as central to one’s identity as an e-mail account should be protected with the utmost vigilance. That’s not to say that it’s a) easy, or b) perfect. It isn’t. On the ease of use front – few people other than the most geeky of my friends have bothered to implement it. Two factor authentication is difficult for some people to understand, but most people get along just fine with the RSA tokens issued to them by their work or bank (although they aren’t exactly sporting the best security record this year). The complication for Google comes in the way that they’ve decided to implement per-application passwords. But no matter; this has been reviewed to death. The fact is that 2-step verification adds a TON of security to your Google account, and no matter how difficult it is to use, just use it.
My issue with the system is that there are a couple of traps that are easy to fall into; and the only way out is to go through the process of setting up 2-step verification all over again; loosing any per-application passwords you’ve created (which in my case is a lot). Once you’ve got your barcode or key once to set up a mobile Authenticator app – you can’t get it again. One shot, no do-overs. Need to move your Google Authenticator to a new mobile device? Tough. I find this hugely annoying and would like to save others the wasted time I have spent on a couple of occasions now, starting from scratch. The crux of the issue is that the Google Authenticator app gives you no easy way to retrieve the hidden key, or move it to another device. Changing the device on the Account Security page forces you to remove and re-enable 2-factor authentication. So I’m going to show you 3 ways to move the key yourself.
First off, if you’ve never set up Google Authenticator before, here’s a crucial tip – when you are prompted to scan the barcode containing your account key by the Android app – do a screenshot ! Keep that screenshot very safe; you can easily use it to set up a different device in the future. Or if you want – just copy the “Key” that’s listed if you click the + beside “Can’t scan the QR code”. It’s just as good. You’re done; be thankful folks like me have wasted our time blazing the trail so you can walk along it.
If you’re rooted – fear not, Titanium Backup will easily backup and restore the Google Authenticator user data; and along with it let you restore that onto a new device. Potential caveat – if you’re backing up and restoring on totally different versions of Android (say 2.2 to 2.3) this may not work correctly. In which case – go for method 3 below
Perhaps you’re not perm-rooted, or you’re moving between major version of Android. The time eventually came for me when I made the mistake of installing Google Authenticator on a device I hadn’t yet rooted – my new HTC Thunderbolt. Due to the instability of ROMs currently available for the Thunderbolt – I decided to stay stock, until the Gingerbread update appeared (which it has not). To my dissapointment the rooting methods available for the Thunderbolt all require wiping your entire device by downgrading the firmware to an engineering build. So much for getting Titanium Backup working. In this case – we must fallback to temp-root shell methods Thankfully even most locked down devices are usually able to get a temporary root shell with things like “psneuter” – look it up. That’s all we need!
Get a root shell or root adb.
Enter the following command:
for adb
$ adb pull /data/data/com.google.android.apps.authenticator/databases/databases
for root shell
# cp /data/data/com.google.android.apps.authenticator/databases/databases /sdcard/
This will give you the databases file – either locally in the case of adb; or on the sd/external storage partition of your Android device – just copy it locally.
The databases file is just an sqlite database. Open that file up with a GUI sqlite editor or the command line sqlite3 program. I’ll assume you’re going the command line route
$ sqlite3 ./databases sqlite> select * from accounts; 1|user.name@gmail.com|key|0|0
The key column contains your key.
Setup Google Authenticator on a new device
Instead of scanning a barcode – add the account manually, with the key you just retrieved in Step 3.
Pat yourself on the back – you’ll never have to deal with setting up 2-step verification from scratch again.
When I sit at a desk, there is often a screen in front of me, usually many. The slightest motion anyone nearby makes towards pointing at something on my screen will instantly get me defensive. I am constantly concerned that someone will touch my screen. I cannot stand marks, dirt, blemishes or most of all fingerprints on my screens! The screen attached to a computer, or TV Tuner, DVD player or video game console is a window into the electronic world. It is the lens through which we receive the most direct communication from our digital devices. Any imperfection in this lens mars the clarity of that interface; and destroys the “suspension of disbelief” that what I’m looking at isn’t really there. I feel the same way about my glasses, the slightest hint of anything on them provokes a thorough cleaning.
Imagine my horror a few years ago as the future of technology began to suggest that touchscreen interfaces would become a big part of day to day life. Not only would I be unable to stop people from touching screens, I myself would have to touch my own screens all the time!!
I could stick with a non-touchscreen smartphone (few are left on the market). I could too, ignore the iPad and Android tablet craze, and exist with old fashioned LCD monitors attached to laptops and desktops. But this too would be incongruous with my character. I am fascinated by technology, and always drawn to acquire the latest gadget so that I may experiment and be at the forefront of the digitization of life. In the conflict between maintaining pristine glassy screen surfaces, and the prospect of being unable to experience the latest in technology and in human/computer interfaces; something has to give.
Right now, I’ve got 3 touchscreen smartphones, and two tablets. Since they joined me, I have been on a quest to minimise fingerprints and smudges on my screens by any means necessary.
I’ve tried just about every type of screen protector on the market. Many are flat out lousy. Some are purely useful for protection, while some go further and try to minimize oil and fingerprint buildup too. Often they do this with a matte finished plastic that also interferes optically with the screen. After trying (and ultimately removing) a lot of different protectors, I’ve settled on the SGP Steinheil Ultra Series protectors. They come in 3 different flavors (clear, oleophobic, and anti-fingerprint). I chose the Oleophobic version as it has the best compromise between optical clarity and fingerprint resistance.
SGP HTC Thunderbolt Screen Protector – Amazon
Screen protectors are great for smartphones, because they often get dropped, put in my car cup holder while I’m driving, or in a pocket. So the protection feature of films is useful. But I treat tablets much more carefully. When not in use, they are always covered or in a case. Putting a screen protector on a tablet is then less desirable. For a time, I just dealt with the inevitable smudges and fingerprints. Then I came across Nu-Screen. They have a particularly horrible website that looks like the digital equivalent of an infomercial. But the truth is, the product is absolutely fantastic. Simple really, it’s wax for your screen, like you would apply wax to a car’s paint job for a transparent layer of protection. It’s applied just like car wax too: put some on the screen, rub it in until it’s got a noticeable haze, let it set for a while, then buff it out with a cloth.
Here are the results:
The second photo shows the polish after being applied and rubbed into a haze. The last photo was taken after I had buffed the lower half of the tablet. It leave a completely clear surface with no evidence of wax. On that polished surface, most touching produces no fingerprints or smears at all. A full thumb pad press leaves a barely visible residue which is easily wiped away with another finger. Wiping the tablet with a cloth after the waxing is noticeably smoother and any traces of oil or smudges are removed with ease.
Many people have a fundamental lack of understanding about what Amazon provides. The two key services that experienced outages were EC2 and RDS. EC2 provides virtual servers. These are not magic servers that instantly are re-routed to another datacenter in case of a failure. They are just virtual servers, and should be treated as such. RDS provides a semi-managed database instance. It has a feature called Multi-AZ (Availability Zone) that is supposed to help protect from an outage, but in this case it didn’t work as multiple Amazon “Availability Zones” were affected. In short, Amazon is providing Infrastrucutre as a Service (IaaS). Contrast this with Platform as a Service (PaaS) which is intended to provide a fully managed platform on which you can deploy applications. A PaaS offering should be transparently re-routed to another datacenter on your behalf, but typically an IaaS service would not be, unless it was explicitly designed to do so (which Amazon’s was not).
Just because your server is a “cloud” server, it can fail just like any piece of hardware. Amazon machines can be more problematic if they are “instance-store” machines, which means their disk space is transient, and any Operating System crash or underlying hardware failure can cause loss of the entire volume the machine is using. Amazon designed Elastic Block Store (EBS) to be a persistant disk store for EC2 machines, however, it failed too (or more specifically became unavailable, it is yet to be seen how much data-loss truly occurred). It also underpins the RDS service offering, which was also heavily impacted. No matter how fancy, well designed or redundant, technology can and often will fail. Be aware of the technology you are operating on, how it might fail, and what a failure would cause.
Diversify your technology just like any other investment. Don’t put all your servers and data on one service provider, or location. Consider Reddit vs. Netflix. Reddit was hosted within a single Amazon region and was knocked offline by this outage. Netflix used multiple Amazon regions across the world, and was able to maintain service throughout the outage.
Consider the interconnectedness of your various services. In the Amazon case, EC2 machines and RDS databases across an entire datacenter relied on the same EBS backing store for storage. A cascading failure brought everything down.
Be flexible, have multiple backups and contingencies and be able to move your site and traffic accordingly. Keep a copy of your critical data somewhere apart from your main cloud hosting provider. Automate your deployment and keep a local copy of your configuration files/scripts too.
Test your Disaster Recovery Plan often. Once or twice a year, rebuild yourself a brand new cloud environment (perhaps from a different cloud vendor!) from scratch and transition all your data/customers over to it. That way if/when a disaster happens you’ll be well prepared to recover.
In my last post regarding SSDs i showed how to disable “last access time” on the filesystem stored on an SSD. However, that solution only covered single-SSD solutions where the SSD was the boot drive (root partition).
Having a filesystem update the last accessed time of every file is not something most people need. It puts needless wear on an SSD turning even read operations into writes.
Here’s an example file file called com.noatime.plist which goes into /Library/LaunchDaemons. Again, see the last post for details.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>com.my.noatime</string> <key>ProgramArguments</key> <array><string>mount</string> <string>-vuwo</string> <string>noatime</string> <string>/</string> </array> <key>RunAtLoad</key><true/> </dict> </plist>
But what does it do? Well, simply it executes this command at boot time (well, after boot, during the load sequence)
mount -vuwo noatime /
I’m assuming you have a clue what the “mount” command does, but look at the options:
-v (verbose, actually.. this is not absolutly require since it’s a headless command, although presumably it might show up in the system log somewhere and in case of failure
-u (The -u flag indicates that the status of an already mounted file system should be changed. By this point in the load sequence our filesystems have already been mounted)
-w (Mount the file system read-write – probably not 100% needed)
-o noatime (Set the noatime option)
You already have a noatime plist file and want to make another one, perhaps because you:
Ok, let’s start by assuming you have a drive called Flash that is your 2nd SSD. It would typically mount as /Volumes/Flash. If we were going to execute a command to remount it with the noatime option we’d execute:
mount -vuwo noatime /Volumes/Flash
Try executing that command (with “sudo” in front) and verify that it remounts your filesystem correctly.
If that worked, let’s create a new plist file to do just that. Name it something like com.noatime-flash.plist.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "<a href="http://www.apple.com/DTDs/PropertyList-1.0.dtd">http://www.apple.com/DTDs/PropertyList-1.0.dtd</a>"> <plist version="1.0"> <dict> <key>Label</key> <string>com.my.noatime2</string> <key>ProgramArguments</key> <array> <string>mount</string> <string>-vuwo</string> <string>noatime</string> <string>/Volumes/Flash</string> </array> <key>RunAtLoad</key> </dict> </plist>
Important things:
See the last post for info on how to install your plist file and verify that it’s working, except now you may have two (or more!)
Wasn’t that easy?
My experiences with the private car service Uber (formerly Ubercab) in San Francisco.
Good: Simple to use mobile app, great premium cars, excellent availability, courtious drivers, no fumbling for cash or credit cards.
Room for Improvement: You better have the exact address/intersection you’re going to – the drivers don’t really know the city, it ain’t cheap (but you get what you pay for!).
SF is a particularly bad place to be a taxi passenger. There are few of them on the roads making it very much a sellers market, and oftentimes as a potential rider in busy areas, one is fighting against many other people also looking for a ride. Taxi dispatch companies often don’t answer their phones, and trying to call a cab is a hit-and-miss experience; sometimes you will get one, sometimes not. Cab drivers frequently don’t respond to calls to their dispatch service for a scheduled pickup, and even if they do, will often time take another fare if approached while waiting for their intended passenger. The companies keep fleets of terrible cars, often in disrepair, filthy, and odorous. Every time I exit a cab in SF, I immediately want to take a shower and burn my clothes.
The mobile application is simple and slick – enabling you to easly call for a car, and track the location/ETA of your driver. It is infinitely superior to the experience of calling a Taxi dispatch company, and having no idea if/when you will get picked up.
I’ve been able to get a car within 5-10min on 10 out of the 11 occasions I’ve used the service, with the exception of an extremely rainy day where there was very bad traffic in my area at rush hour and the closest car was nice enough to call me and explain how he was stuck in gridlock and wouldn’t be able to get to me in a reasonable timeframe. I’ve recently gone from requesting a car while still in my apartment, to waiting until I’m actually outside, because twice the drivers have arrived faster than I could get downstairs and started calling to see where I was and whether they had the correct location.
The cars have all been great. Usually they are black Lincoln Town Cars, but I’ve also been picked up a couple times in an S-Class AMG Mercedes. There’s always plenty of room in the back seats, and they are a welcome change from the beat-up lousy cabs one gets in SF. Some drivers stock their cars with water bottles and magazines for passengers (that usually prompts an extra tip from me, despite the no-tip-needed policy).
The drivers are very polite, not talking on the phone, smoking, or listening to obnoxious music – quite professional. However, they often don’t know the city as well as some cabbies, and typically need you to provide an exact address or intersection that they can enter into a GPS navigation system in order to find the destination. A couple times they have been unable or unwilling to successfully navigate some one-way streets and intricacies of SF and have had to call and say they are at a nearby corner – asking me to walk to them. This is a minor annoyance, but it’s usually only been a block. Despite pinpointing the location of my building’s entrance on the mobile application’s map interface, the drivers seem to have problems locating my lobby. Cab drivers on the other hand always know my building and how to get there, although I have had many experiences with cabs in SF not responding to calls at all. I just go to the back entrance of my building which is at an easier location, no big deal really.
It’s almost exactly twice as much as a normal cab. But given the convenience, ease of the whole experience (no waiting around to settle the tab & tip at the end of the ride) and the caliber of cars, I’m happy to pay the premium. It was a bit excessive on New Years Eve though, they doubled their prices for the night (but did give plenty of advance warning). They do have various specials, like the odd flat rate airport deal, or discounted rides in certain areas at certain times. I hope one of these named Hipster Thursdays doesn’t degrade the cleanliness of the cars or leave them smelling like PBR 
Despite the cost, I absolutely love the service and will continue to use it. I welcome some badly needed competition in this market, and hope it encourages the Taxi companies to step up and offer a better experience to their customers – They have a ridiculous monopoly in on-demand transportation. If I experience anything else notable, I’ll come back and update the review.
If anyone wants a referral/invite to the service, this link will start you off with a $10 credit: http://www.uber.com/?invite=uyd4f
Updated for Lion Dec 18th, 2011
If you aren’t running an SSD in your mac, you should be! The performance improvement is startling, boot times < 30 seconds, applications open instantly. SSDs lead to better battery life, and reduced chance of crashing hard drives due to shock or drops. This post consolidates the key tips & tricks to running an SSD in current Macs.
SSDs don’t have to wait for a read/write head to be lined up in the right place above a spinning platter that also has to get to the correct rotational position to enable a sector to be read or written. It’s direct memory access, extremely fast. Latencies of a hard drive: 4-10ms, vs 0.1-0.2ms for a good SSD. This makes an incredible difference as random read and write operations tend to bog down hard drives and are very typical on a multi-tasking machine. A standard hard drive is limited in its throughput by rotational speed, SSDs are not, allowing an SSD to read/write 2-3 times the amount of data. For an illustration of this – check out a video made by JoshForceOne, a good friend of mine (who happens to be one of the most knowledgable folks out there on OS X86).
http://www.youtube.com/watch?v=pO8_o6mifW8
No moving heads, no spinning platters at 5000-7200RPM means less power used. SSDs don’t incur any latency to “spin-up” so they can drop down to low power states and resume immediately. This can lead to a 10%+ increase in laptop battery life.
We’ve all had hard drives crash.. they’re moving parts that can be affected by all sorts of things and often fail in laptops due to being constantly moved around, dropped, bumped etc.
Choosing an SSD is largly about choosing the right controller. Sandforce controllers have taken the market by storm and offer the best performance and durability out there. My two top picks are the OCZ Vertex 3, and drives by OWC. Apple SSD options are a bit overpriced, and may not use the latest & greatest controllers.
Different drives have different rates of over-provisioning - just about every SSD has more capacity than it is listed to have and the manufacturer will configure the drive to reserve a certain percentage of space for wear-leveling and such. Depending on your profile, consider this when buying an SSD as this is extremely valuable space. The OWC 200GB drive and 240GB drive are essentially the same thing, with different amounts of reserved space. One important reason for this is that if the drive will see an extreme amount of activity (say if it’s used in a server for a high performance database), and/or if it will be filled to capacity on a regular basis, you want extra space reserved for wear-leveling as this will increase the life of the drive.
General Rule: If you’re going to run the SSDs in a RAID set or on a heavily used server – go with the over-provisioned drives (i.e the 200GB instead of the 240GB). If not, get the version with extra usable space!
Mac Pro’s are built for 3.5″ drives, while most SSDs are 2.5″. Grab one of these Pro Sleds to perfectly fit an SSD and have it slide right into place in a Mac Pro. There are others around, like from OWC, but the Pro Sled I linked comes in versions for various series of Mac Pros back to 2006, the OWC ones only fit brand new models.
Macbook Pro’s are built for 2.5″ drives, but include a relic from the past couple decades – an optical drive. Grab an optical bay replacement mount to put a second 2.5″ drive into your laptop. The cheap route is to search Amazon for “optibay”, there you’ll find some $17 options. A higher-end route is to get one from OWC, or the real Optibay kit from MCE which includes a USB enclosure for your removed DVD drive (helpful if you need to re-install the OS).
Using the optical bay replacement solutions listed above, you can choose to run a macbook pro with one standard hard drive, and one SSD. This gives the beneifit of SSD for speed and the hard drive for cost-effective storage. Her are a couple of tips if you go this route:
SSDs are susceptible to wear over time (although this has been greatly reduced in newer drives running the Sandforce controllers), so here are a few tweaks to eliminate some needless writes to the drive.
The default behavior of an HFS+ filesystem is to keep track of the last time any file was accessed. This is largely pointless, it’s important to know when a file was last updated, but who cares about access time!
Create a file called com.noatime.plist (actually you can name it anything you want, but use the extention .plist), containing the following:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>com.my.noatime</string> <key>ProgramArguments</key> <array> <string>mount</string> <string>-vuwo</string> <string>noatime</string> <string>/</string> </array> <key>RunAtLoad</key> <true/> </dict> </plist>
Place that file in the directory /Library/LaunchDaemons
Set the ownership of the file with the command
sudo chown root:wheel /Library/LaunchDaemons/com.noatime.plist
Delete /etc/rc.local if it exists
Restart the system
To verify, enter the command mount at a Terminal prompt. You should see “noatime” listed as an attribute of your filesystem.
NOTE: If you have multiple SSDs, see this post for details on how to set noatime on each of them.
Computers today have a lot of RAM, every time you close the lid on a MacBook Pro (or otherwise put it to sleep) it will write out a hibernate file containing the contents of memory. This could be an 8GB file, written on a regular basis. Try an app called SmartSleep. Or just disable hibernate all-together with this command:
sudo pmset -a hibernatemode 0
Some folks say if you’re running an SSD with no physical hard drives at all that you can disable the Sudden Motion Sensor. I haven’t bothered to do this (as I haven’t seen evidence of it actually providing a performance improvement) but here’s the command:
sudo pmset -a sms 0
Yes you still need to back up an SSD, they can die just like any other piece of technology.
Read up on SSD technology and you will inevitabely run into the term TRIM. There’s a great explanation of it here. In summary when you write data to a standard hard drive, there is no difference between writing to an empty block, and overwriting a block that already has data in it. On an SSD the block must be erased before being re-written, effectively causing a double-write operation if the block is not empty. TRIM is a way for the Operating System to tell the SSD “go ahead and delete this block” once it knows a file has been deleted and the underlying space can be freed. The SSD can then consider this a known empty block and when a new write operation comes along, it won’t have to erase the block first before writing. Some SSDs have a Garbage Collection feature in their firmware that attempts to figure out what blocks aren’t needed and proactively delete them during idle time. This is ok, but TRIM is really the superior solution.
TRIM support is built into OS X, however Apple has decided to enable it only for SSDs that are its own OEM models. This is easy enough to get around though. There was a GUI “TRIM Enabler” around that worked for 10.6, but don’t bother with it on Lion. Instead, use this method provided by Grant Pannell:
sudo cp /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage.original
sudo perl -pi -e 's|(\x52\x6F\x74\x61\x74\x69\x6F\x6E\x61\x6C\x00{1,20})[^\x00]{9}(\x00{1,20}\x51)|$1\x00\x00\x00\x00\x00\x00\x00\x00\x00$2|sg' /System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext/Contents/MacOS/IOAHCIBlockStorage
sudo kextcache -system-prelinked-kernel sudo kextcache -system-caches
Open “About This Mac”, then click “More Info…”, then “System Report…”. Under Hardware open Serial-ATA, then click on one of your SSDs – look for “TRIM Support: Yes”.
NOTE: If you do future system updates TRIM support may be disabled, easy enough just repeat this process.
Those little “like” buttons littered around the web can have unintended consequences. See the pic below of what a simple click can do – broadcast to your entire group of Facebook friends your porn habits. Be careful what you click, it just might show up in the news feed of your friends.
Imagine my frustration when one of the most fantastic features new apps released for a mobile operating system – Google’s new Voice Actions, decides that it’s not going to install on my Droid (running Cyanogenmod CM6 RC1). Since so many of the people running 2.2 on their Droid or other Android phone are doing so via one of the unofficial custom ROMs, I might not be the only one with this issue.
Thankfully a quick look through some forum sites finds the answer. It’s applicable whenever you need to uninstall (or update) an app that’s part of the base install of your ROM and therefore not uninstallable.
Open Terminal Emulator and type the following commands:
cd /system/app su mount -o rw,remount -t yaffs2 /dev/block/mtdblock03 /system mv VoiceSearch.apk VoiceSearch.apk.old
Then reboot your phone. When it comes back up the application should install cleanly.
Thanks to blitzburgh39 on droidforums.net.
Every day I read hundreds of tech articles so you don’t have to. These are some worth remembering:
Beyond their typical usage for Skype and Chatroulette, Logitech is going after more of the web-cam security monitoring market. Engadget
Keeping your cab driver honest – Bing maps adds a Taxi fare calculator. Great feature, but this is aching to be a mobile app. Bing
Gorgeous typography interface. Typogrpah
GPGMail finally gets around to updating for Snow Leopard. Security is good, user-friendly security is better.
Bing scores again – an OpenStreetMaps layer. The H
Recent Comments